As promised, I’ll be posting the weekly internet safety lessons that I’m writing in collaboration with the internet safety group iKeepSafe that will introduce digital literacy, safety, security and privacy topics to students and families through current news articles.

Here’s a quick overview: News reports about the repercussions of sharing thoughts, attitudes, actions, photos, videos, and more through online services have increasingly been making headlines this year. Whether personal information and private comments are exposed through leaks, hacks, changes in privacy settings, new features, or general indiscretion, the fallout is beginning to catch up with consumers of all ages. This lesson will help students and families develop an understanding of the very real likelihood that any content they post online will be seen by far more people than they intended to share with, and how understanding this reality can help them make smarter choices about what and what not to share. Take a look and start the conversation in your home…

The number of youth who report that their accounts have been hacked has doubled from 15% to 30% since 2009 according to a new Associated Press-MTV poll. Of the teens with hacked accounts 72% say they knew who was spying on them, and 65% say they knew who had hacked them, and nearly half were upset by the invasions.

While many ‘hacks’ are simply friends taking an opportunity to tease someone that stepped away from their computer or phone for a moment, a significant number of account hijackings are deliberately malicious.

According to the poll, two-thirds of youth who have experienced hacking have subsequently taken steps to better protect themselves, by changing their passwords or changing their email address, screen name or phone number. Fully 25% said they have deleted a social networking profile.

The doubling of account hacking, hijacking, or intrusions in the past two years suggests that as a culture we have not yet instilled in youth (or adults?) the level of respect and privacy due to others online. That half of the kids who experienced hacking/spying were upset makes it clear that at least half the time these hacks weren’t a joke – no matter what the intent may have been of the person who breached their accounts.

To illustrate this gap in ethical online behavior, look at these two questions from the Survey; you can see that the number of students who have considered the possible damage of acting out online has increased – but that consideration does not seem to have translated into better behavior – or we wouldn’t have seen a doubling of hacking and spying incidents.

Greater Awareness of Ethical and Criminal Concerns Needed

The discovery and abuse of someone’s password and account to damage their reputation, make a ‘joke’, deliberately cyberbully, or cause some other form of ‘drama’ is a common problem among youth today that needs to be addressed head on.

If you are a parent, talk to your children; if you interact with minors, talk with them. Help them understand that while discovering other people’s passwords or using their account when they’ve stepped away is often easy to do, it is not acceptable. No matter whether a person’s password is so weak that it can be guessed in a matter of minutes, or the person shared their password, or they walked away from their computer without logging out of their accounts, no one has the right to use their password or their account.

Youth – and adults – need to recognize there is a big difference in being able to discover a password or access an account and having the right to use it. In fact, using someone else’s account can carry real criminal penalties as more than a few youth are discovering.

For example, in California the penal code says “Every person who willfully obtains personal identifying information… of another person, and uses that information for any unlawful purpose . . . without the consent of that person, is guilty of a public offense, and upon conviction . . . shall be punished by a fine, by imprisonment in a county jail not to exceed one year, or by both a fine and imprisonment, or by imprisonment in the state prison.”

The law also defines what it means by personal identifying information. It includes “any name, address, telephone number… state or federal driver’s license, or identification number, social security number…PIN (personal identification number) or password…” and much more.

California is far from the only state bringing more stringent laws to bear on cases of account abuse, and ever more states are stepping up on this issue. If youth – and adults – can’t act ethically for decency’s sake, perhaps the legal deterrent will be a motivator.

The phone hacking scandal that’s rocked Britain, shut down the 168-year-old News of the World tabloid, led to the resignation of high ranking British police officials and Downing Street’s communications director, and put Rupert Murdoch in the hot-seat is but one symptom of an overall increase in cell and email snooping.

While the British scandal centers around the hacking of a murdered schoolgirl’s phone, and the subsequent hacking of phones belonging to rich and famous people, relatives of slain servicemen killed in Iraq and Afghanistan, and possibly the families of British victims of the 9/11 attacks, most cell phone and email hacking is much more mundane.

According to a July 2011 Retrevo Gadgetology Report, snooping by romantic partners via email and cell phone is on the rise – and they didn’t survey those who are snooping on exes.

Among their findings:

Overall, 33% of respondents said they had checked the email or call history of someone they were dating without them knowing in 2011, up 43% from 23% in 2010.

47% of respondents younger than 25 have snooped, up 24% over 2010.

41% of women admit to having checked the email/call history of a romantic partner or spouse, 28% higher than the 32% of men who have done so.

32% of overall respondents say they would secretly track a spouse/partner using an electronic device if they suspected wrongdoing. This includes 33% of women and 31% of men, giving women a 6% edge.

59% of overall parents say they would secretly track a child using an electronic device if they suspected wrongdoing. This includes 64% of mothers and 53% of fathers, making women 21% more likely to snoop on a child.

Slightly more married couples snoop on their spouses (37%).

The number of parents snooping is highest among parents of teenagers, with 60% snooping on their kids and possibly for good reason, as 14% of those parents reported finding something they were concerned about.

Overall, adults are 84% more likely to secretly track a child than a spouse/partner. This differential is 94% for women and 71% for men.

34% of parents of children age 13-19 have used Facebook to learn more about the parents of their children’s friends. This makes parents of teens the most likely of all parents of children younger than 20 to snoop on Facebook in this way, followed by parents of children age 6-12 (29%) and children age 0-5 (25%).

9 Steps to avoid becoming a phone or email hacking victim

A few basic precautions can significantly reduce the chances your phone or email will be hacked by friends or romantic partners, ex-friends or -romantic partners, students, teachers, parents, children, or others you know.

PIN/password protect your cell phone and email. Strong, unique, PIN numbers and passwords are a must. Choosing ‘password’ or something else obvious doesn’t cut it. The same goes for PIN numbers. You must change your phone’s default PIN number to something unique. Choosing easy to guess numbers like your birthdate or ‘1234’ is asking for trouble.

Once you have created safe logins don’t tell anyone what they are and change them periodically.

Be consistent about locking your phone and email accounts. All the passwords in the world are useless if you leave your account/phone unlocked and unattended. Make a habit of locking accounts whenever you are not in control of the device – whether it’s your phone or your computer.

Do not use any automatic sign-in functionality or password reminder tools on shared computers. If you do, everyone who shares the computer may have full access to your accounts.

Similarly, many phone services allow you to call your own voicemail without having to enter your PIN if you call from your own phone number. While this is convenient for you, it’s even more convenient for someone else who wants to hear your voice messages. The problem is that your voicemail isn’t actually checking to see if the call came from your phone; it just checks to see if it came from your phone number, which is very easy to spoof or fake. All someone has to do is use a service like SpoofCard that allows a user to make their number appear to be whatever number they want it to be – like yours. Then they dial ‘their’ number to hear your messages. By the way, SpoofCard now allows you to spoof SMS messages as well. Just imagine how much additional damage this can cause in the hands of a bully, stalker, or other freak with malicious intent. To best protect yourself, skip the convenience of automatically retrieving your voice messages, and set your voicemail to require your PIN to keep would-be snoopers at bay.

Use strong, up-to-date security products on your cell phone and computers. All it takes to learn everything on your device is one little piece of malware – and there are only two things between you and an infection: 1) Strong security software, and 2) your ability to spot fraud.

Your ability to spot fraud: Spam and scams come at us from all angles: in the mailbox in front of your home (junk mail), in your email inbox, via IM, social networking sites, chats, forums, websites, and sadly, now also on your phone. Learn these 14 Steps to Avoiding Scams, and practice on some of the examples (scroll further down the webpage) to see how well you can avoid the common consumer pitfalls scammers want you to stumble over.

Avoid logging into accounts when using public wireless networks – you don’t know if these are safe or compromised. See my blog Like Lambs to the Slaughter? Firesheep Lets Anyone be a Hacker. Since many smartphone users use free WiFi hotspots to access data (and keep their phone plan costs down) smartphones are also more susceptible when leveraging public networks.

Check your computer and phone for monitoring tools. Family safety tools are designed to help parents protect their children, but all too often these tools are used to monitor spouses, friends, exes, etc. To know if you are being monitored – and all your interactions recorded and reported – you’ll need to check for monitoring tools. Online Tech Tips has an article titled How to detect computer & email monitoring or spying software that can be quite helpful.

On phones, consider who sees your monthly statement. If family members have access to your statements, they can see who you called (phone number look up), who called you, and the times of day these occurred. This is also true of your text messages. If this is more information than you want snooped through, get your own plan and don’t leave your statements lying around.

Don’t use location tools that track and broadcast your location. There are two types of location tools, those that you can ping to get information like driving directions, and those that track your location to broadcast to others. If you don’t want to be snooped, tracked or stalked, don’t use a tool that can track you.

Applying these precautions to your mobile and email usage will not guarantee that you aren’t snooped or hacked, but they will go a long way towards protecting you from the snoops in your life. If nearly half (47%) of the under-20 crowd are snooping, the non-snooping half had better start defending.

Sending spam from legitimate users’ email accounts has become rampant as spammers switch from using botnets. This week alone, I’ve received spam sent via my mother’s and two friends’ email accounts – and received frantic calls asking how to fix the problem. Read more on fixing the problem later in this blog.

To address the nearly 30% of Hotmail spam generated through compromised accounts, Microsoft has launched a new feature in Hotmail. Called “my friend’s been hacked” and found under the “Mark as” dropdown, it lets friends report compromised accounts directly to Hotmail with a simple click.

Microsoft’s Dick Craddock explains that “when you report that your friend’s account has been compromised, Hotmail takes that report and combines it with the other information from the compromise detection engine to determine if the account in question has in fact been hijacked. It turns out that the report that comes from you can be one of the strongest “signals” to the detection engine, since you may be the first to notice the compromise.”

Once Hotmail has marked the account as compromised, two steps are taken:

The account can no longer be used by the spammer

You (or your compromised friend) are put through an account recovery flow that helps them take back control of their account.

What’s really cool about the work the Hotmail team has done is that it can be used to report problems with accounts hosted by other email providers as well. So for example, Yahoo! or Gmail receives a notice from Hotmail if one of their users’ accounts has been compromised and can take action.

Additionally, the Hotmail team has recognized that weak passwords are a large part of the problem – it’s just too easy for spammers to hack flimsy passwords. To address this, the service will soon roll out a new feature requiring stronger passwords. If you’re currently using a common password, you may be asked to strengthen it in the future.

Changing spam tactics

The takedown of the Rustock botnet dealt a telling blow to spammers and dropped spam volumes by almost 30% overnight (see Kudos to MSFT for Strangling the Rustock Spambot) and highlights a vulnerability in the botnet approach. Not only did spammers have to pay to rent the botnets, their distribution method could be shut off in one well-researched swoop.

A report out this month by Commtouch explains this shift in tactics saying “The move away from botnet spam can be attributed to the use of IP reputation mechanisms that have been increasingly successful in blacklisting zombie IP addresses and therefore blocking botnet spam.

The blocking of spam from compromised accounts based on IP address is more difficult for many anti-spam technologies, since these accounts exist within whitelisted IP address ranges (such as Hotmail or Gmail).

One of the primary aims of the larger malware outbreaks and phishing attacks of this quarter is therefore to acquire enough compromised accounts to make spamming viable. The catch for spammers: While spam from compromised accounts is less likely to get blocked by IP reputation systems, the volumes that can be sent are lower due to the thresholds imposed on these accounts. This at least partially accounts for the lower spam volumes seen this quarter.”
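The trade-off described in the Commtouch excerpt, as an added example (not code from the original post or from Commtouch): a receiver's IP reputation check stops mail from a blacklisted zombie address but accepts mail relayed from a whitelisted webmail range, while a provider-side per-account threshold caps how much a hijacked account can send. The addresses, the account name and the limit of 3 messages per hour are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation-range addresses, not real senders.
BLOCKLISTED_IPS = {"203.0.113.7", "203.0.113.9"}                # known zombie hosts
WHITELISTED_RANGES = [ipaddress.ip_network("198.51.100.0/24")]  # assumed webmail outbound range
HOURLY_ACCOUNT_LIMIT = 3                                        # hypothetical per-account threshold


def ip_reputation_verdict(src_ip):
    """Receiver-side check: it sees only the connecting IP address."""
    if src_ip in BLOCKLISTED_IPS:
        return "block"
    addr = ipaddress.ip_address(src_ip)
    if any(addr in net for net in WHITELISTED_RANGES):
        return "accept"
    return "unknown"


class AccountThrottle:
    """Provider-side check: counts messages per account per hour."""

    def __init__(self, limit=HOURLY_ACCOUNT_LIMIT):
        self.limit = limit
        self.sent = defaultdict(int)

    def allow(self, account, hour):
        key = (account, hour)
        if self.sent[key] >= self.limit:
            return False
        self.sent[key] += 1
        return True


def simulate(messages):
    """Count delivered / ip_blocked / throttled messages per sender kind."""
    throttle = AccountThrottle()
    stats = defaultdict(lambda: {"delivered": 0, "ip_blocked": 0, "throttled": 0})
    for kind, account, src_ip, hour in messages:
        # Webmail accounts hit the provider's threshold before mail leaves.
        if account is not None and not throttle.allow(account, hour):
            stats[kind]["throttled"] += 1
        elif ip_reputation_verdict(src_ip) == "block":
            stats[kind]["ip_blocked"] += 1
        else:
            stats[kind]["delivered"] += 1
    return {kind: dict(counts) for kind, counts in stats.items()}


# Constructed traffic: 10 messages from a zombie host, 10 from a hijacked account.
SAMPLE = ([("botnet", None, "203.0.113.7", 0)] * 10 +
          [("compromised_account", "friend@example.com", "198.51.100.20", 0)] * 10)

if __name__ == "__main__":
    print(simulate(SAMPLE))
```
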

Back-to-School time means hacker-proofing schools’ computers. While protecting students’ online safety is a must, so is protecting school computers from malicious students.

It’s an administrator’s nightmare – students hacking school databases to change grades, stealing computer passwords, infecting computers with key-stroke logging malware, accessing secure sections of school sites, posting pornography or hate content on school sites, or hijacking a school’s website.

And it is a reality schools across the country struggle with.

“Students are very, very tech-savvy. Far more savvy than the majority of adults at our school,” says Michael Wilson, the principal of the 775-student Haddonfield Memorial High where keystroke logging malware was used to discover passwords and gain access to protected areas on the school’s computer network.

School systems are uniquely vulnerable to hacking, says James E. Culbert, an information-security analyst for the 135,000-student Duval County schools in Jacksonville, Fla. “In the case of our school system, we’ve got 135,000 [potential] hackers within our district, inside of our same network that houses our student-information systems and HR systems.”

Staying ahead of would-be hackers is not a one-fix solution; it’s an ongoing process that periodically assesses new and existing threats and updates security practices.

If your school is struggling with hacking, or you are unsure of the steps your school is taking, review the 8 Tips to preventing student hackers from accessing school computers:

Ensure school computers have up-to-date security software installed, and that it automatically updates. Be sure firewalls are set, and enforce the use of strong passwords.

Set the ground rules that outline what is (and isn’t) acceptable use of school computers, and make sure students and their parents are aware of both the rules and the consequences for hacking, harassment, security breaches, or failing to adhere to the school’s acceptable use policy. Talk about these standards periodically, not just during the first week of school.

Leverage content filtering technologies that help prevent students from seeking out inappropriate online content.

Swiftly and consistently address any misuse of the school’s computer system.

Require each user – teacher or student – to use a unique login. Some schools have strengthened their networks by clearly identifying if it is a teacher or a student who is logging in. Some also time-stamp when the account was last accessed allowing teachers to quickly see if their account has been compromised.

Use two networks – one for students, another for teachers and staff. This makes it harder for students to hack into sensitive information.

Educate teachers, staff and parent volunteers about the school’s internet access policies so they can stay vigilant in monitoring students’ online use and actions.

Teach internet safety and digital responsibility to help students develop a strong online ethic.